[GH-ISSUE #469] Doesn't work with Synology nginx as it doesn't have a name #296

New issue

Open

opened 2026-02-25 22:33:03 +03:00 by kerem · 5 comments

kerem commented 2026-02-25 22:33:03 +03:00

Owner

Copy link

Originally created by @rightsaidfred99 on GitHub (Sep 22, 2022).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/469

Environment

• Operating system (including version): macOS
• mkcert version (from mkcert -version): 1.4.4
• Server (where the certificate is loaded): Synology
• Client (e.g. browser, CLI tool, or script): Synology

What you did

I can import the certificates into Synology's nginx UI. It loads okay

What went wrong

The problem occurs as the certificate generated doesn't have a name. so you can add domains and subdomains with Synology's UI. I propose that it just ads a title/name to the certificate.

Originally created by @rightsaidfred99 on GitHub (Sep 22, 2022). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/469 ## Environment * Operating system (including version): macOS * mkcert version (from `mkcert -version`): 1.4.4 * Server (where the certificate is loaded): Synology * Client (e.g. browser, CLI tool, or script): Synology ## What you did <!-- Including the `mkcert -install` step and how the certificate was generated and installed. --> I can import the certificates into Synology's nginx UI. It loads okay ## What went wrong <!-- Please include the precise error, like a terminal transcript or a browser screenshot. --> The problem occurs as the certificate generated doesn't have a name. so you can add domains and subdomains with Synology's UI. I propose that it just ads a title/name to the certificate.

kerem commented 2026-02-25 22:33:03 +03:00

Author

Owner

Copy link

@rightsaidfred99 commented on GitHub (Sep 22, 2022):

Sorry, by title - I mean "Issued To" field which Synology requires.

<!-- gh-comment-id:1254461919 --> @rightsaidfred99 commented on GitHub (Sep 22, 2022): Sorry, by title - I mean "Issued To" field which Synology requires.

kerem commented 2026-02-25 22:33:03 +03:00

Author

Owner

Copy link

@android10 commented on GitHub (Oct 7, 2022):

@rightsaidfred99 I'm interested in this one. Where can you see Synology requirements? Maybe with that in mind we can contribute with a PR here.

<!-- gh-comment-id:1271864213 --> @android10 commented on GitHub (Oct 7, 2022): @rightsaidfred99 I'm interested in this one. Where can you see Synology requirements? Maybe with that in mind we can contribute with a PR here.

kerem commented 2026-02-25 22:33:03 +03:00

Author

Owner

Copy link

@elexx commented on GitHub (Jan 16, 2023):

I was not able to find any official certificate requirements by Synology, but I noticed the subject CommonName was not set by mkcert. After setting a CN, Synology accepts the generated certificates. I just pushed an PR to add this.

<!-- gh-comment-id:1384217903 --> @elexx commented on GitHub (Jan 16, 2023): I was not able to find any official certificate requirements by Synology, but I noticed the subject CommonName was not set by mkcert. After setting a CN, Synology accepts the generated certificates. I just pushed an PR to add this.

kerem commented 2026-02-25 22:33:03 +03:00

Author

Owner

Copy link

@elexx commented on GitHub (Jan 16, 2023):

This problem seems btw very similar to https://github.com/FiloSottile/mkcert/issues/47 where iOS would not accept the rootCA if CN was not set.

<!-- gh-comment-id:1384221525 --> @elexx commented on GitHub (Jan 16, 2023): This problem seems btw very similar to https://github.com/FiloSottile/mkcert/issues/47 where iOS would not accept the rootCA if CN was not set.

kerem commented 2026-02-25 22:33:03 +03:00

Author

Owner

Copy link

@pzmarzly commented on GitHub (Oct 24, 2024):

I found that once you have rootCA.pem and rootCA-key.pem generated by mkcert, you can use these commands to generate the certificate that can be used by DSM (Synology OS)

cat > synologynas.local.v3.ext <<-EOF
[ v3_ca ]
subjectAltName = DNS:synologynas.local
EOF

openssl req -new -nodes -keyout synologynas.local.key -out synologynas.local.csr -days 3650 -subj "/CN=synologynas.local"

openssl x509 -req -days 3650 -sha256 -in synologynas.local.csr -CA rootCA.pem -CAkey rootCA-key.pem -CAcreateserial -out synologynas.local.crt -extensions v3_ca -extfile synologynas.local.v3.ext

<!-- gh-comment-id:2436020586 --> @pzmarzly commented on GitHub (Oct 24, 2024): I found that once you have rootCA.pem and rootCA-key.pem generated by mkcert, you can use these commands to generate the certificate that can be used by DSM (Synology OS) ``` cat > synologynas.local.v3.ext <<-EOF [ v3_ca ] subjectAltName = DNS:synologynas.local EOF openssl req -new -nodes -keyout synologynas.local.key -out synologynas.local.csr -days 3650 -subj "/CN=synologynas.local" openssl x509 -req -days 3650 -sha256 -in synologynas.local.csr -CA rootCA.pem -CAkey rootCA-key.pem -CAcreateserial -out synologynas.local.crt -extensions v3_ca -extfile synologynas.local.v3.ext ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.9.1

v0.9.0

Labels

Clear labels   

TLS stack issue

  

Windows

  

bug

  

duplicate

  

duplicate

  

enhancement

  

help wanted

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

root store

  

waiting for info

No labels

TLS stack issue

Windows

bug

duplicate

duplicate

enhancement

help wanted

help wanted

pull-request

question

question

root store

waiting for info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mkcert#296

No description provided.